Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN client - PIX with NAT/PAT


I have a PIX (6.1) and many users with VPN client 3.x. Some of them are behind various network equipment (Firewall, router ...) which perform dynamic NAT (PAT). Of course in this case the VPN doesn't work.

I found two potential solution :

-> IPSec over UDP. But I can't found how to configure this on my PIX and it's seem that this solution is only possible with a VPN concentrator. In this case I just want to ask why and if it will be avaible on a PIX one day (and when of course) =)

-> ESP-aware PAT device. If the device can use the ESP header to update his translation tables it would be perfect. But I did not find if a Checkpoint FW, a Raptor FW or even a PIX is an ESP-aware PAT device. Did somebody have any infos on these products ?


Community Member

Re: VPN client - PIX with NAT/PAT

IPSec through PAT is only available on the 3000 series with UDP encapsulation.

I haven't heard any plans to implement this on the PIX - however, you can try through your Cisco Sales channel to get an feature enhancement request put through.

CreatePlease to create content